» Tag
Two critical bugs in Cursor's command sandbox let an attacker-controlled AI agent write outside it and reach RCE. Both are fixed in Cursor 3.0.